Privacy Policy

Effective Date: January 2025  Version: 1.0  DATA PROTECTION AND SHOPIFY COMPLIANCE STATEMENT  VatamenPlug operates in full compliance with comprehensive data protection regulations including the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), Shopify's Privacy Requirements and Data Processing Agreement, Payment Card Industry Data Security Standards (PCI DSS), and all applicable international privacy frameworks. Our commitment to data protection is fundamental to our business operations and essential for maintaining customer trust.  As a Shopify merchant, we utilize Shopify's secure infrastructure for all e-commerce operations. Shopify processes payments on our behalf using bank-level security protocols, manages customer data with enterprise-grade protection, and ensures PCI compliance throughout the transaction process. This integration allows us to leverage world-class security infrastructure while focusing on delivering quality digital products to our customers. The website theme for this store was provided by shopify@scaled.info, who has no access to or involvement with customer data, transactions, or any business operations beyond providing the visual theme file.  ANTI-COUNTERFEIT DATA COOPERATION  We maintain an unwavering commitment to preventing counterfeit operations and will share all customer data with law enforcement agencies investigating counterfeit operations, intellectual property violations, or fraud. This cooperation is not optional but mandatory when we suspect  illegal activity. No warrant is required for our voluntary cooperation, and we proactively monitor for suspicious patterns and report potential violations to appropriate authorities.  This cooperation includes providing complete purchase history and transaction records, IP addresses and device information used to access our services, all communication records between us and suspected violators, payment details as legally permitted by financial regulations, comprehensive download and access logs showing usage patterns, and detailed pattern analysis data revealing suspicious behavior. We maintain strong relationships with federal law enforcement agencies and have contributed to numerous successful prosecutions of counterfeit traders. Our cooperation extends to the Federal Bureau of Investigation for criminal investigations, Homeland Security Investigations for import-related crimes, U.S. Customs and Border Protection for customs violations, the National IPR Center for coordinated enforcement, state and local law enforcement for regional cases, international agencies like INTERPOL for cross-border crimes, brand protection teams representing legitimate businesses, and Shopify's Trust and Safety team for platform violations. This comprehensive cooperation network ensures that those who misuse our information for illegal purposes face swift and severe consequences.  INFORMATION WE COLLECT AND WHY  Our data collection practices are limited to information essential for legal compliance and service delivery. For identity verification, we collect your full legal name as it appears on official documents, which is required for transaction records and tax reporting. Your email address serves as the primary delivery method for digital products and account communications. We collect billing addresses for accurate tax calculation and compliance with regional regulations. IP addresses are recorded for fraud prevention and geographic compliance verification, helping us identify and prevent suspicious activity patterns.  We maintain transaction records including all purchase details for the legally required 7-year retention period to meet tax law requirements. Where required by law, we collect tax identification numbers such as VAT IDs for EU customers. Device information including browser type, operating system, and hardware identifiers helps us provide technical support and prevent fraud. Communication records including support tickets and correspondence are maintained to provide quality customer service and for legal compliance.  We explicitly do not collect Social Security numbers unless absolutely required by law for specific tax reporting purposes. We never collect government identification documents, biometric data of any kind, health or medical information, political affiliations or beliefs, religious preferences, sexual orientation information, or any information from individuals under 18 years of age. These limitations ensure we maintain only the minimum necessary data to operate our business effectively while respecting customer privacy.  DATA USE, SHARING, AND PURPOSE LIMITATION  We use collected data for specific, legitimate purposes directly related to our business operations and legal obligations. Order fulfillment and digital delivery represent our core service, requiring customer information to complete transactions successfully. Legal compliance and tax reporting obligations necessitate maintaining accurate records for government authorities. Fraud prevention and security measures protect both our business and legitimate customers from criminal activity. Our anti-counterfeit enforcement efforts require analyzing transaction patterns and user behavior to identify potential illegal operations. We share customer data only with carefully selected partners necessary for business operations and legal compliance. Shopify Inc., our e-commerce platform provider, processes all transaction and account data through their secure infrastructure. Payment processors handle payment information in tokenized format to maintain security while enabling transactions. Law enforcement agencies receive data when investigating counterfeit operations or other crimes, often without requiring warrants when we detect suspicious activity. Brand protection teams are notified when we detect potential trademark or copyright violations. Legal authorities receive information as required by law or court order. Industry fraud prevention databases receive information about confirmed fraudulent activity to protect other merchants.  Marketing communications are processed only with explicit customer consent and remain entirely optional. All marketing messages include clear unsubscribe mechanisms allowing immediate opt-out. We never sell customer data to third parties for marketing purposes or share customer lists with other businesses. The theme provider, shopify@scaled.info, has no access to any customer data and is not involved in any data processing activities.  YOUR PRIVACY RIGHTS  Regardless of your location, you enjoy fundamental privacy rights including the ability to access and download all data we hold about you, correct any inaccuracies in your information, request deletion of non-essential data not required for legal compliance, export your data in standard portable formats, restrict or limit certain processing activities, and object to or opt-out of specific uses of your data. These rights form the foundation of our privacy program and demonstrate our commitment to customer control over personal information.  Residents of the European Union and United Kingdom enjoy additional rights under GDPR including the ability to withdraw consent at any time for consent-based processing, object to automated decision-making processes that significantly affect you, lodge complaints with supervisory authorities in your country, seek compensation for damages resulting from privacy violations, designate a representative to act on your behalf in privacy matters, and request data protection impact assessments for high-risk processing activities.  California residents have specific rights under CCPA including the right to know exactly what personal information is collected about you, understand if personal information is sold or disclosed to third parties, opt-out of any personal information sales, enjoy non-discrimination for exercising privacy rights, designate authorized agents to make requests on your behalf, and pursue a private right of action for certain data breaches involving sensitive information.  DATA RETENTION AND SECURITY  Certain data must be retained for legal compliance regardless of customer preference. Financial records are retained for 7 years to meet tax law requirements in multiple jurisdictions. Transaction data is maintained for 7 years for accounting and audit purposes. Legal documents are retained for 10 years to address potential litigation. Security logs are kept for 5 years to meet compliance requirements and enable investigation of historical incidents. Fraud records and evidence of illegal activity are retained permanently to prevent repeat offenses and support ongoing investigations.  We implement comprehensive technical and organizational safeguards to protect customer data from unauthorized access, disclosure, alteration, and destruction. All data is encrypted using AES-256 encryption at rest and TLS 1.3 encryption in transit, meeting or exceeding industry standards. We maintain role-based access controls ensuring employees can only access data necessary for their specific job functions. Our systems are monitored 24/7 through Shopify's security operations center, with immediate response to any detected threats. Regular security measures include monthly vulnerability scanning, employee security training, vendor security assessments, and incident response procedures ensuring rapid containment of any breaches.  INTERNATIONAL DATA TRANSFERS  As a globally accessible service, we transfer data internationally using approved legal mechanisms including Standard Contractual Clauses approved by the European Union for transfers outside the EEA, adequacy decisions where available between jurisdictions, and explicit consent for specific transfers when required. Our primary data storage is in the United States, with backup facilities in Canada and the European Union for redundancy and performance optimization. Shopify maintains servers in multiple global locations to ensure optimal performance and compliance with regional requirements.  CHILDREN'S PRIVACY  Our services are strictly limited to users 18 years and older. We do not knowingly collect information from minors and have implemented age verification measures to prevent underage access. If we discover data from anyone under 18, we immediately cease all processing of that data, delete all collected information within 48 hours, terminate the account permanently, and document the incident for compliance purposes. Parents or guardians who believe we may have collected information from a minor should contact us immediately.  CONTACT INFORMATION  For all privacy-related matters, our Data Protection Officer can be reached at privacy@VatamenPlug. We commit to responding to all privacy inquiries within 48 hours. Privacy rights requests can be submitted through our dedicated portal at  Privacy.VatamenPlug or via email to rights@VatamenPlug. For regulatory matters, EU residents should contact their local Data Protection Authority, UK residents should contact the Information Commissioner's Office, and California residents should contact the California Privacy Protection Agency.